From One Sysadmin to another: Thinking about Security in the Work-From-Home World
I was recently published on my company's blog! My article covers some high-level security concerns and recommendations during these unprecedented times. Check it out!
Transitioning BitTitan to a one hundred percent cloud company has positioned us to be very resilient in the work-from-home transition.
We’ve avoided negative impacts to productivity by proactively reducing our reliance on hub-and-spoke infrastructure, like VPN architectures.
We also established strong identity practices early, using built-in controls like Azure conditional access, Office 365 multi-factor authentication, just-in-time access to local admin rights, and cloud device management with Intune. But security remains a daily concern, especially with emerging COVID-19 themed threats.
While our established cloud infrastructure allowed us to shut the doors on headquarters without productivity loss, we still found ourselves responding to situations we didn’t anticipate. Since the entire workforce moved remote overnight, our AI alerting took time to catch up to new user behaviors.
Alerting systems that used to be reliable needed time to recalibrate to behavior changes.
It took more time and a more critical eye to wade through false positives and find legitimate threat alerts. Increased activity forced us to dissect our security policies almost daily. We’re still seeing more sophisticated email-based attacks every day. Built-in reporting and monitoring provide a high level of visibility into the behaviors in our environment, yet sometimes they don’t seem to lend much insight into legitimate threats. Alert and change fatigue could be imminent if we don’t find a way to dial our daily work to the new normal.
The Long-Term Outlook
But this is not a normal work-from-home scenario. There’s no defined end date, meaning you should be prepared for a larger remote workforce moving forward. It’s expected that between 10% and 50% of workers will remain remote after the stay-at-home orders are lifted. How do you continue to maintain a productive and secure cloud workforce with more and more remote users? Do you need to increase the size of your IT team? How do you scale to the new security needs of a remote workforce? Now more than ever, the conversation about security needs to change.
A lot of my fellow systems administrators have an adversarial relationship with the workforce they support when it comes to enforcing security policies. This is felt more poignantly now as new and sophisticated threat actors take advantage of distracted organizations trying to cope with the new normal. It could be a lot to ask of your users to think like SecOps while they’re stuck at home during a pandemic. Users are likely the most vulnerable threat vector, but they’re also your first line of defense. Wouldn’t it be better to think of your workforce as your Tier 0 security team?
With a company-wide crew of well-educated first-line defenders, you could turn your organization into a formidable foe.
Make everyone a part of your security team
While you can’t expect users to have advanced incident response skills, you can help develop an awareness of security best practices and basic incident recognition skills. How do you change the culture of the organization to embrace security as a daily mindset? There’s a lot systems administrators can do to break down the barriers to that conversation. For example, start small by posting security tips on Teams or Slack. Have a casual chat with a user about setting a password on their home Wi-Fi. These small acts can evolve into a regular training program intended to shift norms within your organization to include strong security awareness. This training program could gradually grow in complexity as your users become stronger and more confident in their security awareness. Before you know it, you’ve recruited your entire company to your Blue Team.
Most of all, be available to your users as an individual. The perception of a systems administrator can often be mixed; some can be perceived as barriers to productivity. But you can shift the tone of the conversation from “IT won’t let me have this software,” to “IT recommends we evaluate other options,” and be better positioned for a strong security culture. Create an understanding with your users that as your organization transitions to the cloud, their role in security becomes more and more important.
One thing we can take away from our current situation is that remote work may be the new norm. Your IT infrastructure and SecOps need to be responsive enough to accommodate both emerging user behaviors and new threat actors.
The relationship between IT and users can play a crucial role in keeping your organization secure.
Turn the responsibility for security towards your users and you’ll be well-positioned to move to the cloud with confidence.